package com.itbaizhan.config;

import com.itbaizhan.security.MyLoginSuccessHandler;
import org.springframework.boot.autoconfigure.batch.BatchDataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @author spf
 * @date 2024/3/6
 * @time 16:28
 */
@Configuration
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // 自定义表单登录
        http.formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer
                .usernameParameter("username")
                .passwordParameter("password")
                .loginProcessingUrl("/login")
                .successHandler(new MyLoginSuccessHandler()));
//                .failureHandler(new MyLoginFailureHandler()));
//        http.formLogin()
//                .usernameParameter("username")
//                .passwordParameter("password")
//                .loginProcessingUrl("/admin/login")
//                .successHandler(new MyLoginSuccessHandler())
//                .failureHandler(new MyLoginFailureHandler());

        http.authorizeRequests(auth -> auth.requestMatchers("/login/sendYZM").permitAll()
                .anyRequest().authenticated());
        http.csrf(scrf -> scrf.disable());
//        // 权限拦截配置
//        http.authorizeRequests()
//                .antMatchers("/login").permitAll()
//                .antMatchers("/admin/login").permitAll()
//                .anyRequest().authenticated();

        // 退出登录配置
//        http.logout()
//                .logoutUrl("/admin/logout")
//                .logoutSuccessHandler(new MyLogoutSuccessHandler())
//                .clearAuthentication(true)
//                .invalidateHttpSession(true);

        // 异常处理
//        http.exceptionHandling()
//                .authenticationEntryPoint(new MyAuthenticationEntryPoint())
//                .accessDeniedHandler(new MyAccessDeniedHandler());

        // 关闭csrf防护
//        http.csrf().disable();

        // 开启跨域请求
//        http.cors();
        return http.build();
    }
}
